Identity intelligence and zero trust: why visibility still fails

TL;DR: Zero Trust efforts still leave most organisations exposed because 87% experienced multiple identity-related breaches last year while many cannot see 56% of their machine identities, according to SPHERE. The security model fails when identity visibility, ownership, and remediation remain incomplete across human and non-human populations.

NHIMG editorial — based on content published by SPHERE: Identity Intelligence and Zero Trust

By the numbers:

• 87% of organizations experienced multiple identity-related breaches last year despite having Zero Trust initiatives in place.
• Most organizations cannot see 56% of their machine identities.
• Machine identities now outnumber human identities 82 to 1.

Questions worth separating out

Q: How should security teams improve Zero Trust when machine identities are mostly invisible?

A: They should start with continuous discovery, ownership validation, and entitlement mapping before trying to automate remediation.

Q: Why do unmanaged non-human identities undermine Zero Trust architectures?

A: Unmanaged non-human identities undermine Zero Trust because the model assumes every identity can be verified, classified, and constrained.

Q: What breaks when ownership is missing for service accounts and API keys?

A: Access review, remediation, and accountability all break when ownership is missing.

Practitioner guidance

• Establish continuous identity discovery across all identity stores Scan directories, cloud platforms, databases, infrastructure, and application-layer identity sources continuously so new service accounts and secrets do not sit unnoticed between review cycles.
• Map ownership for every non-human identity Require a validated owner for service accounts, API keys, tokens, and automation identities, then block remediation workflows from acting on unowned accounts without escalation.
• Correlate entitlement chains before approving access changes Trace inherited and nested permissions across PAM, IGA, cloud IAM, and directory services so privilege decisions are based on the full access path rather than a single account record.

What's in the full article

SPHERE Technology Solutions' full guide covers the operational detail this post intentionally leaves for the source:

• A full IVIP architecture view showing how discovery, analytics, ownership mapping, and remediation connect to existing PAM, IGA, SIEM, and ITSM tools.
• KPI definitions and target thresholds for identity hygiene score, mean time to remediation, and privileged account exposure reduction.
• Implementation guidance for universal discovery across cloud, directory, database, and infrastructure identity sources.
• Examples of how organisations use automated remediation without disrupting production workflows.

👉 Read SPHERE Technology Solutions' guide to identity intelligence and Zero Trust →

Identity intelligence and zero trust: why visibility still fails?

Explore further

View Full Forum →  |  NHI Foundation Course →